From 2e572e7cb3698ed221add0b6f5d81aa0b12ecec8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 13 Nov 2023 16:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/48xxx/CVE-2023-48068.json | 56 ++++++++++++++++--- 2023/4xxx/CVE-2023-4569.json | 2 +- 2023/6xxx/CVE-2023-6099.json | 99 ++++++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6100.json | 90 +++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6104.json | 8 +-- 2023/6xxx/CVE-2023-6105.json | 18 +++++++ 2023/6xxx/CVE-2023-6106.json | 18 +++++++ 2023/6xxx/CVE-2023-6107.json | 18 +++++++ 2023/6xxx/CVE-2023-6108.json | 18 +++++++ 9 files changed, 308 insertions(+), 19 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6105.json create mode 100644 2023/6xxx/CVE-2023-6106.json create mode 100644 2023/6xxx/CVE-2023-6107.json create mode 100644 2023/6xxx/CVE-2023-6108.json diff --git a/2023/48xxx/CVE-2023-48068.json b/2023/48xxx/CVE-2023-48068.json index bbf92a63897..aee8a830849 100644 --- a/2023/48xxx/CVE-2023-48068.json +++ b/2023/48xxx/CVE-2023-48068.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CP1379767017/cms/blob/dreamcms_vul/dedevCMS/dedeCMS_XSS.md", + "refsource": "MISC", + "name": "https://github.com/CP1379767017/cms/blob/dreamcms_vul/dedevCMS/dedeCMS_XSS.md" } ] } diff --git a/2023/4xxx/CVE-2023-4569.json b/2023/4xxx/CVE-2023-4569.json index bdeafa8e468..d95a46e0c5b 100644 --- a/2023/4xxx/CVE-2023-4569.json +++ b/2023/4xxx/CVE-2023-4569.json @@ -105,7 +105,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] diff --git a/2023/6xxx/CVE-2023-6099.json b/2023/6xxx/CVE-2023-6099.json index a8237ea885f..93263dcef40 100644 --- a/2023/6xxx/CVE-2023-6099.json +++ b/2023/6xxx/CVE-2023-6099.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6099", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Shenzhen Youkate Industrial Facial Love Cloud Payment System bis 1.0.55.0.0.1 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /SystemMng.ashx der Komponente Account Handler. Durch die Manipulation des Arguments operatorRole mit der Eingabe 00 mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shenzhen Youkate Industrial", + "product": { + "product_data": [ + { + "product_name": "Facial Love Cloud Payment System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.55.0.0.0" + }, + { + "version_affected": "=", + "version_value": "1.0.55.0.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.245061", + "refsource": "MISC", + "name": "https://vuldb.com/?id.245061" + }, + { + "url": "https://vuldb.com/?ctiid.245061", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.245061" + }, + { + "url": "https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/Shenzhen%20Youkate%20Industrial%20Co.%2C%20Ltd.md", + "refsource": "MISC", + "name": "https://github.com/gatsby2003/Shenzhen-Youkate-Industrial-Co.-Ltd/blob/main/Shenzhen%20Youkate%20Industrial%20Co.%2C%20Ltd.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "gatsby (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/6xxx/CVE-2023-6100.json b/2023/6xxx/CVE-2023-6100.json index 4215c500157..280997989f1 100644 --- a/2023/6xxx/CVE-2023-6100.json +++ b/2023/6xxx/CVE-2023-6100.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Maiwei Safety Production Control Platform 4.1 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /api/DataDictionary/GetItemList. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Maiwei", + "product": { + "product_data": [ + { + "product_name": "Safety Production Control Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.245062", + "refsource": "MISC", + "name": "https://vuldb.com/?id.245062" + }, + { + "url": "https://vuldb.com/?ctiid.245062", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.245062" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "weal (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] } diff --git a/2023/6xxx/CVE-2023-6104.json b/2023/6xxx/CVE-2023-6104.json index 088f5b5eccb..bca45f2ed71 100644 --- a/2023/6xxx/CVE-2023-6104.json +++ b/2023/6xxx/CVE-2023-6104.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** The CVE Record was published by accident." } ] } diff --git a/2023/6xxx/CVE-2023-6105.json b/2023/6xxx/CVE-2023-6105.json new file mode 100644 index 00000000000..bd053e63ab7 --- /dev/null +++ b/2023/6xxx/CVE-2023-6105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6106.json b/2023/6xxx/CVE-2023-6106.json new file mode 100644 index 00000000000..4893c89663f --- /dev/null +++ b/2023/6xxx/CVE-2023-6106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6107.json b/2023/6xxx/CVE-2023-6107.json new file mode 100644 index 00000000000..2e5996f7059 --- /dev/null +++ b/2023/6xxx/CVE-2023-6107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6108.json b/2023/6xxx/CVE-2023-6108.json new file mode 100644 index 00000000000..0cdd07213d3 --- /dev/null +++ b/2023/6xxx/CVE-2023-6108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file